security testing tools
As we know software security has become very essential due to wide use of software applications in our daily life.
Each and every electronic gadgets we use run on operating system and other necessary application softwares.
Following software security requirements lead to development of security based tools:
• Data confidentiality
• Data integrity
• Data availability
• Access control (read, write, read-write, execute, full control)
• privacy protection
• security protection
There are two types of security testing viz. functional testing and vulnerability testing. Functional testing assures tools dveloped comply with security standards and takes care of all the basic security functions as per requirement specifications. Vulnerability refers to any bugs in the software coding or in design. Vulnerability testing tests the tools as an attacker attacking the system's security application tools. It is also referred as penetration testing.
There are various security testing tools which include SARA,Qualys Free security scan, Qualys Gaurd, STAT scanner, Nessus security scanner, SAINT, NetiQ security Analyzer, Nikto scanner, tenable security center, SPI Dynamics web inspect, IBM Appscan, Acunetix web vulnerability scanner etc. Web application is in use tremandously owing to boom in internet supporting wireless and wireline technologies and devices.
web application security testing
Following are few of the vulnerabilities of a typical web application. This leads to development of web application security testing tools.
• cross site script
• SQL injection
• Adoption of wireless technologies with loop holes
• broken authentication
• session management
• use of unsecured open source softwares and applications
• Use of unsecured Pirated stuff
• Improper configuration to counter security
Tools-Wapiti, OWASP ZAP, Netsparker
Wapiti,OWASP ZAP and Netsparker are popular tools for web application security testing. These tools help developed best web application security softwares and applications.
Wapiti: This tool is developed by Nicolas Surribus in 2006 and is widely used as vulnerability scanner for the web application.
It will scan launched web site's web pages. It will inject the payload and checks for script's vulnerability. Basically it acts like a fuzzer.
Wapiti does not find all the vulnerabilities but it is good open source tool. It will help detect following vulnerabilities:
• Errors in File handling operations
• Database injection
• LDAP injection
• CRLF injection
• cross site scripting
OWASP ZAP: It is one of the penetration testing tool. The features are active scanning and fuzzing. Active scanning feature of ZAP tool helps find XSS and other type of vulnerabilities. Fuzzing feature of ZAP helps fuzz any portion of the application software. It is also open source software tool.